package com.cloud.cloudvideo.config;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.cloud.cloudvideo.entity.SysPermission;
import com.cloud.cloudvideo.mapper.SysPermissionMapper;
import com.cloud.cloudvideo.shiro.ShiroRealm;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;

@Configuration
public class ShiroConfig {

	@Autowired
	private SysPermissionMapper permissionMapper;

	@Bean
	public ShiroDialect shiroDialect() {
		return new ShiroDialect();
	}

	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager) {
		// shiroFilterFactoryBean对象
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

		// 配置shiro安全管理器 SecurityManager
		shiroFilterFactoryBean.setSecurityManager(securityManager);

		// 指定要求登录时的链接
		shiroFilterFactoryBean.setLoginUrl("/login");
		// 登录成功后要跳转的链接
		shiroFilterFactoryBean.setSuccessUrl("/index");
		// 未授权时跳转的界面;
		shiroFilterFactoryBean.setUnauthorizedUrl("/403");

		// filterChainDefinitions拦截器
		Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
		// 配置不会被拦截的链接 从上向下顺序判断
		filterChainDefinitionMap.put("/manager/**", "anon");
		filterChainDefinitionMap.put("/login", "authc");

		// 配置退出过滤器,具体的退出代码Shiro已经替我们实现了
		filterChainDefinitionMap.put("/logout", "logout");

		// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问【放行】-->
		filterChainDefinitionMap.put("/**", "authc");

		List<SysPermission> list = permissionMapper.selectByExample(null);
		for (SysPermission permission : list) {
			filterChainDefinitionMap.put(permission.getUrl(), "perms[" + permission.getPerms() + "]");
		}

		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		return shiroFilterFactoryBean;
	}

	/**
	 * shiro安全管理器设置realm认证
	 * 
	 * @return
	 */
	@Bean
	public org.apache.shiro.mgt.SecurityManager securityManager(@Autowired ShiroRealm shiroRealm) {
//	public org.apache.shiro.mgt.SecurityManager securityManager() {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		// 设置realm.
//		securityManager.setRealm(shiroRealm());
		securityManager.setRealm(shiroRealm);
		// //注入ehcache缓存管理器;
//		securityManager.setCacheManager(ehCacheManager());
		return securityManager;
	}

	/**
	 * 身份认证realm; (账号密码校验；权限等)
	 *
	 * @return
	 */
	@Bean
	public ShiroRealm shiroRealm(HashedCredentialsMatcher hashedCredentialsMatcher) {
		ShiroRealm shiroRealm = new ShiroRealm();
		shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher);
		return shiroRealm;
	}
	
	
	@Bean
	public HashedCredentialsMatcher hashedCredentialsMatcher() {
		HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
		matcher.setHashAlgorithmName("MD5");
		return matcher;
	}
	

	/**
	 * ehcache缓存管理器；shiro整合ehcache： 通过安全管理器：securityManager
	 * 
	 * @return EhCacheManager
	 */
//	@Bean
//	public EhCacheManager ehCacheManager() {
//		EhCacheManager cacheManager = new EhCacheManager();
//		cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
//		return cacheManager;
//	}

}
